Analysis
max time kernel: 121s
max time network: 126s
platform: windows7_x64
resource: win7-20231129-en
resource tags: arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
submitted: 14/05/2024, 18:09
Behavioral task: behavioral1
Sample: 078b5b6c7b8024ea516eee1af3934b50_NeikiAnalytics.pdf
Resource: win7-20231129-en
Behavioral task: behavioral2
Sample: 078b5b6c7b8024ea516eee1af3934b50_NeikiAnalytics.pdf
Resource: win10v2004-20240426-en
General
Target: 078b5b6c7b8024ea516eee1af3934b50_NeikiAnalytics.pdf
Size: 319KB
MD5: 078b5b6c7b8024ea516eee1af3934b50
SHA1: 9e635b7ff1f6a54a87e3186e2c5e86e8ccb93d98
SHA256: f478c407d99eedd59a0afe6e304108886debce4ec1e8fef9ff918cab211cc599
SHA512: 76f4105f22234f8e0a3c58e93b35837a0ed9b7c81f74843c9ae7f16237e738493a1a3c9c0a716439f1c002bb64fc740cb3fea36024af622b9673f984f83ad191
SSDEEP: 6144:IEvhyJZXZJuW4eYgRV3kdb9oJyMIgo7ZzAEgpmZ4RiP4CaiYC0QM938FK:IE+ZXZJuBe3RXLWZzJXZ3P4ClPM1n
Malware Config
Signatures
Suspicious behavior: GetForegroundWindowSpam (1 IoC)
pid 2988, process AcroRd32.exe
Suspicious use of SetWindowsHookEx (4 IoCs)
pid 2988, process AcroRd32.exe (4 occurrences)
Processes
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
Command line: "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\078b5b6c7b8024ea516eee1af3934b50_NeikiAnalytics.pdf"
PID: 2988
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 3KB
MD5: efe162f3a7d2cdd493d9feca12e3a205
SHA1: 09bd24fa136679e13d1a93d376c929d85029ee66
SHA256: 45bef7ca552462dd41396bb74f16e1b3e875e4773363a5e72869596d7be9fe07
SHA512: 532432614491a5846ff4095bf8c41db34d8695d2883df8b65588b9ba0882d4919794a601097db456774264497e1b15e6fa37ef843e5843611cc9033f08fbf0a8